PDA

View Full Version : HTTP request question




MACloop
Aug 17, 2010, 02:56 AM
Hello,
I would like to accomplish a login to a web service "in the background" in my app. This means - the user will not be redirected to a webpage to login. The user shall only give in the username and password in the app and the rest will be done in the background. (Something like the app for facebook or itunes). How do I do that? The login site is a jsp site and they use POST to send over the parameters.
Any ideas?
Thanks in advance!
MACloop

FYI: I use OAuth and did manage to do this by opeing the login in a UIWebView in my app. The user (aka myself) could login and it worked fine.



KoolStar
Aug 17, 2010, 07:07 AM
Why not take a look at NSURLConnection.

MACloop
Aug 17, 2010, 07:46 AM
Why not take a look at NSURLConnection.

Thanks for the hint but I have done that and it works fine. The connection/request is not the problem. The problem is rather that the communication has to be done with a html form. I have managed to fix it in a very ugly way and I thought it might be a better way to do this.

What I do now is:
1. I send (via POST) values for username and password
2. the site returns a "grant site" if username and password are correct. On this site the user is supposed to click a grant or deny button. My user does not se this page and can not push any buttons. In my code I go through the html code sent and use the href tag value in order to "push" the button.
3. The next step returns another html site with a verification code. Once again I have to go through the html tags in the return data, in order to get this value.

This solution works BUT my concern is "what if the serverside changes the html code"? This way of doing this is far to dependent on the code returned. My code would not work anymore if one the tags and id:s on the site would be changed.

MACloop

Luke Redpath
Aug 17, 2010, 08:09 AM
The whole point of OAuth is that you don't have to interact directly with the user to obtain their username and password; they do that with the provider directly and it gives you back an access token.

You really ought to be displaying a UIWebView with the provider's OAuth login page otherwise why bother with OAuth?

PhoneyDeveloper
Aug 17, 2010, 09:33 AM
Take a look at the AdvancedURLConnections sample code from apple. I haven't looked at it in detail but I think it shows how to do this.

MACloop
Aug 18, 2010, 02:22 AM
Take a look at the AdvancedURLConnections sample code from apple. I haven't looked at it in detail but I think it shows how to do this.

I will do that - thanks alot!
MACloop

MACloop
Aug 18, 2010, 02:28 AM
The whole point of OAuth is that you don't have to interact directly with the user to obtain their username and password; they do that with the provider directly and it gives you back an access token.

You really ought to be displaying a UIWebView with the provider's OAuth login page otherwise why bother with OAuth?

ok, I did not know that... I have to concider doing that. The answer from the login has the verification code I suppose. Is it possible to close the webview after the login is done? And after that use the verification code to do the rest of the access?

Another question - if I would like to save the login process in NSUserDefaults...how would I do that? What parameters has to be saved? Is it possible to look if they are valid (the verification code is only valid for 31 days) and if it is not valid, do the process again?

Thanks for your advice and help!
MACloop

seepel
Aug 18, 2010, 03:28 AM
ok, I did not know that... I have to concider doing that. The answer from the login has the verification code I suppose. Is it possible to close the webview after the login is done? And after that use the verification code to do the rest of the access?

Another question - if I would like to save the login process in NSUserDefaults...how would I do that? What parameters has to be saved? Is it possible to look if they are valid (the verification code is only valid for 31 days) and if it is not valid, do the process again?

Thanks for your advice and help!
MACloop

Typically you would want to save the authorization token in the keychain. There are a couple of projects on Google Code that handle this process from start to finish. Take a look at
http://code.google.com/p/gdata-objectivec-client/ and http://code.google.com/p/oauthconsumer/